syzbot

 sign-in | mailing list | source | docs
🐞 Open [1592]
Subsystems
🐞 Fixed [6233]
🐞 Invalid [15779]
Missing Backports [183]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KASAN: slab-use-after-free Read in dtSearch

Status: upstream: reported C repro on 2024/04/29 00:37
Subsystems: jfs
[Documentation on labels]
Reported-by: syzbot+bd3506d55fa4e2fd9030@syzkaller.appspotmail.com
First crash: 387d, last: 15h35m
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: KASAN: slab-out-of-bounds Read in dtSearch (log)
Repro: C syz .config
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [jfs?] KASAN: slab-use-after-free Read in dtSearch 0 (1) 2024/04/29 00:37
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: slab-out-of-bounds Read in dtSearch jfs C error done 33 501d 964d 25/28 fixed on 2024/02/13 12:02
linux-4.14 KASAN: slab-out-of-bounds Read in dtSearch jfs C 2 807d 965d 0/1 upstream: reported C repro on 2022/09/24 21:35
linux-6.1 KASAN: slab-out-of-bounds Read in dtSearch (2) origin:upstream C 49 27d 158d 0/3 upstream: reported C repro on 2024/12/09 07:03
linux-5.15 KASAN: slab-out-of-bounds Read in dtSearch origin:upstream C error 156 5d23h 383d 0/3 upstream: reported C repro on 2024/04/28 11:04
linux-6.1 KASAN: slab-out-of-bounds Read in dtSearch 5 264d 327d 0/3 auto-obsoleted due to no activity on 2024/12/03 23:18
linux-4.19 KASAN: slab-out-of-bounds Read in dtSearch C error 1 965d 965d 0/1 upstream: reported C repro on 2022/09/24 21:36

Sample crash report:
blkno = 8ed2c, nblocks = 1
ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
ERROR: (device loop0): dbAlloc: the hint is outside the map
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:628:10
index 237 is out of range for type 'struct dtslot[128]'
CPU: 1 UID: 0 PID: 5822 Comm: syz-executor179 Not tainted 6.14.0-rc3-syzkaller-00166-g334426094588 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429
 dtSearch+0x1bde/0x2520 fs/jfs/jfs_dtree.c:628
 jfs_lookup+0x17f/0x410 fs/jfs/namei.c:1461
 lookup_one_qstr_excl+0x126/0x2b0 fs/namei.c:1693
 filename_create+0x297/0x540 fs/namei.c:4083
 do_mkdirat+0xbd/0x3a0 fs/namei.c:4328
 __do_sys_mkdir fs/namei.c:4356 [inline]
 __se_sys_mkdir fs/namei.c:4354 [inline]
 __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4354
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3549acd117
Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff68fe9d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3549acd117
RDX: 0000000000004800 RSI: 00000000000001ff RDI: 0000400000000180
RBP: 0000400000000180 R08: 0000000000000000 R09: 0000000000000000
R10: 00007fff68fe9e10 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff68fe9e10 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
---[ end trace ]---

Crashes (1350):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/02/21 12:44 upstream 334426094588 0808a665 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2024/11/13 11:06 upstream f1b785f4c787 62026c85 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2024/07/22 05:21 upstream 7846b618e0a4 b88348e9 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2024/04/25 03:07 upstream e88c4cfcb7b8 8bdc0f22 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2024/04/25 02:43 upstream e88c4cfcb7b8 8bdc0f22 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root KASAN: slab-out-of-bounds Read in dtSearch
2024/10/31 06:51 upstream 4236f913808c fb888278 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2024/05/04 16:48 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 78186bd77b47 610f2a54 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2025/05/11 23:35 upstream cd802e7e5f1e 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/05/08 00:46 upstream 707df3375124 dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/05/05 10:36 upstream 14c55b7bb0a8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/05/01 09:40 upstream 7a13c14ee59d ce7952f4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/05/01 02:12 upstream 7a13c14ee59d ce7952f4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/04/21 01:35 upstream 6fea5fabd332 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/04/12 19:36 upstream 3bde70a2c827 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/04/11 19:04 upstream 900241a5cc15 94486846 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/04/10 18:14 upstream 2eb959eeecc6 1ef3ab4d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2024/05/12 22:08 upstream ba16c1cf11c9 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in dtSearch
2025/04/21 17:52 upstream 9d7a0577c9db 2a20f901 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in dtSearch
2025/04/20 03:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c72692105976 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in dtSearch
2025/05/16 15:09 upstream fee3e843b309 cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/05/15 18:26 upstream 088d13246a46 cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/05/13 06:43 upstream 627277ba7c23 f6671af7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/05/11 17:07 upstream 3ce9925823c7 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/05/08 16:30 upstream d76bb1ebb558 dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/05/08 01:50 upstream 707df3375124 dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/05/07 07:15 upstream 0d8d44db295c 350f4ffc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/05/05 05:55 upstream 14c55b7bb0a8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/05/02 15:12 upstream ebd297a2affa d7f099d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/04/28 22:23 upstream f15d97df5afa aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/04/27 11:53 upstream 5bc1018675ec c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/04/22 00:53 upstream 9d7a0577c9db 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/04/21 22:19 upstream 9d7a0577c9db 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/04/20 16:30 upstream 119009db2674 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/04/16 21:09 upstream c62f4b82d571 a95239b1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/04/12 21:04 upstream 3bde70a2c827 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/04/12 17:51 upstream 3bde70a2c827 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/04/12 15:23 upstream 3bde70a2c827 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/04/11 14:53 upstream 900241a5cc15 94486846 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/04/11 11:09 upstream 900241a5cc15 94486846 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/04/10 22:32 upstream 2eb959eeecc6 1ef3ab4d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/03/27 13:12 upstream 1e1ba8d23dae 20510e88 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: array-index-out-of-bounds in dtSearch
2025/03/27 11:10 upstream 1e1ba8d23dae 20510e88 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in dtSearch
2025/02/26 22:51 upstream ac9c34d1e45a 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in dtSearch
2025/02/05 01:02 upstream d009de7d5428 4baca3d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in dtSearch
2024/08/09 13:57 upstream ee9a43b7cfe2 a83d9288 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KFENCE: out-of-bounds in dtSearch
2024/06/22 05:40 upstream 66cc544fd75c edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/14 16:56 upstream 8ffd015db85f 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in dtSearch
2025/05/06 22:46 upstream 0d8d44db295c 350f4ffc .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/05/03 12:19 upstream 95d3481af6dc b0714e37 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/05/02 17:52 upstream ebd297a2affa d7f099d1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/28 12:50 upstream b4432656b36e c6b4fb39 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/28 01:26 upstream b4432656b36e c6b4fb39 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/27 16:41 upstream 5bc1018675ec c6b4fb39 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/27 06:46 upstream 5bc1018675ec c6b4fb39 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/26 14:50 upstream f1a3944c860b c6b4fb39 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/23 17:00 upstream bc3372351d0c 57d54c08 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/23 11:49 upstream bc3372351d0c 57d54c08 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/20 01:44 upstream 8560697b23dc 2a20f901 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/17 13:13 upstream cfb2e2c57aef 552876f8 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/17 05:13 upstream c62f4b82d571 a95239b1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/16 22:26 upstream c62f4b82d571 a95239b1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/16 13:05 upstream 1a1d569a75f3 a95239b1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/15 02:29 upstream 834a4a689699 0bd6db41 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/12 10:04 upstream e618ee89561b 0bd6db41 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/03/27 19:43 upstream 1a9239bb4253 928390c4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSearch
2024/06/25 22:26 upstream 55027e689933 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-out-of-bounds Read in dtSearch
2025/02/26 02:06 linux-next e5d3fd687aac d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in dtSearch
2025/04/22 08:25 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c72692105976 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2025/04/17 20:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c72692105976 2a6ededb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2025/04/16 19:34 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c72692105976 23b969b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2025/04/13 03:27 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 2fe2b96c3818 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2024/07/19 17:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c912bf709078 ee4e11c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: use-after-free Read in dtSearch
* Struck through repros no longer work on HEAD.